Cyber Security Accessor (Information Assurance / Cybersecurity)

Apply

Job Type

Full-time

Description

Are you detail oriented, motivated and a self-starter? If so, we want you to join our team! in this role you will support the Cyber Security Branch of the Agency. Responsible for conducting information assurance and cybersecurity tasks, including security audits, accreditations, and PCI compliance. Individual will operate as part of the Security Branch team working closely with department ISSO's and Senior Leadership to meet mission requirements. Utilizes experience and judgment to plan and accomplish enclave security related goals. Supports system or network designs that encompass multiple data center or networks to include those with differing data protection / classification requirements.

Primary duties to include :

• Conduct security assessments and evaluate the risk to the Agency's information systems, enclaves, products, technology, and applications in accordance with DoD 8510.01, "Risk Management Framework for DoD Information Technology" and required National Institute of Standards and Technology (NIST) and Payment Card Industry (PCI) standards.
• Document the results of security assessments within the Enterprise Mission Assurance Support System (eMASS) and Security Assessment Report as directed by the Cybersecurity Branch Chief.
• Execute Risk Management Framework (RMF) and NIST related cybersecurity tasks including technical and programmatic related research.
• Analyze changes to assess Agency cybersecurity related risks to include written Risk Assessment Reports and emerging, innovative mitigation strategies reports.
• Assess planned system / network changes for cybersecurity compliance and for adverse effect on compliance status including DoD Information Systems (IS), products and services; industrial control systems (ICS); privacy; and PCI DSS compliance. Document risk determinations and recommendations to the Government.
• Analyze and verify remediation of internal and external system security audit findings including PCI, Cybersecurity Service Provider, and CCRI / CCORI .Work with Agency PCI ISAs, system administrators, and Information System Security Managers / Officers, provide remediation guidance, validate remediation, and obtain appropriate artifacts and documentation using the current standards in effect.
• Track and verify Agency compliance with JFHQ-DoDIN directives. Document, distribute, and brief metrics, trends, and status of JFHQ-DoDIN directives as the CyberSecurity Branch Action Officer. Research and provide guidance on the proper implementation of directives.
• Review Plan of Action and Milestones (POA&Ms) for accuracy, verification of mitigations, and risk determinations as submitted by the Program Manager / System Manager.
• Schedule, Coordinate and Participate in working groups, meetings, and focus groups. .
• Track and verify compliance with vulnerability management requirements and timelines to ensure an acceptable level of enterprise risk is maintained. Draft reports on compliance with DoD Directive 8140.01, DoD Directive 8570, or other relevant directives. Develop, coordinate, and / or deliver cybersecurity training for the Cybersecurity Branch workforce. This training would include, but is not limited to, current security trends, internal processes, use of tools (e.g., eMASS), and new policies / guidance.

Requirements

Education / Experience : BA / BS in a technical discipline with at least 10 years of experience

Certifications : DoD 8570.01-M IAT Level III and CSSP-Auditor required at time of Hire

PCIP certification within 6 months of hire

eMass and prior Security Accessor experience

Personnel must hold required certifications at time of hire, and must maintain certifications for the entire performance period. Must be knowledgeable of Defense Department and industry-standard vulnerability assessment, risk assessment, security assessment, and penetration testing methods and practices. Be proficient with industry-standard information system auditing methods and practices, and Defense Department certification and accreditation methods and practices, including (but not limited to) DIACAP and NIST RMF, as well as security auditing methods and practices regarding Microsoft Windows domain administration, Windows and Non-Windows OS platforms such as UNIX variants, network devices, SQL and Oracle security, and virtual computing platforms, system access and authorization, and centralized management and logging. Proven experience working with teams in a dynamic matrix reporting environment. Handles multiple assignments and may lead concurrent projects. Experience interacting on a frequent basis with upper-level management. Experience reviewing audit work papers. ACL or data analytics experience a plus. Excellent written and verbal communications skills.

Proven analytical & problem solving skills. Ability to travel (up to 5%).

eMass experience required.

Candidate must have a Secret security clearance.

Full-time position located in Fort Lee, Virginia.

Onsite Support required- telework Authorized -Applicant must be located within a 60 Mile radius of Ft. Lee, Va.

About Us :

CompQsoft Inc. Established in 1997, headquarters in Houston, TX and office in Leesburg, VA. CompQsoft offers a range of comprehensive Cyber Security, Infrastructure, Cloud solutions, ERP implementation, Business Intelligence, Application development, Ecommerce applications and Management consulting services. CompQsoft is Certified CMMI Level 3 practitioner for Development and Services, ISO 9001 : 2015, ISO 27001 : 2013 & ISO 200001 : 2011 Certified. CompQsoft is a fast growing company with a strategy and methodology that is strongly focused on the success of our clients, predominantly the Federal government.

CompQsoft provides equal opportunity in all aspects of employment and in the working environment to all employees and applicants. CompQsoft does not take any nonmerit factors like race, color, religion, sex (gender), mental / physical disability, and age into account for purposes of recruitment, hiring and development.